Google Professional-Cloud-Network-Engineer Exam With Confidence Using Practice Dumps

Cloud Armour is applied at load balancers Configuring Google Cloud Armor through Ingress. Security policy features Google Cloud Armor security policies have the following core features: You can optionally use the QUIC protocol with load balancers that use Google Cloud Armor. You can use Google Cloud Armor with external HTTP(S) load balancers that are in either Premium Tier or Standard Tier. You can use security policies with GKE and the default Ingress controller.

To configure Cloud CDN for an application hosted outside of Google Cloud (e.g., in AWS), you need to use an internet network endpoint group (NEG). An internet NEG allows you to point to external endpoints using their FQDN or IP address. Cloud CDN works with external HTTP(S) Load Balancers, and you enable CDN on the backend service associated with the load balancer. A Network Load Balancer (passthrough) does not support Cloud CDN.

Exact Extract:

"To enable Cloud CDN for content hosted outside of Google Cloud, you must use an external HTTP(S) Load Balancer with an internet network endpoint group (NEG)."

"An internet NEG specifies one or more external endpoints that can be reached by an external HTTP(S) Load Balancer. You can specify endpoints using an IP address and port, or a fully qualified domain name (FQDN) and port."

"Cloud CDN is enabled on the backend service of an external HTTP(S) Load Balancer."Reference: Google Cloud CDN Documentation - Caching external content, Internet NEGs overview

Explanation: VPC Network Peering is the most cost-effective and high-performance method for connecting two VPCs. Since one VPC uses privately used public IP (PUPI) ranges, you need to configure peering to allow the export and import of subnet routes with public IP addresses. Firewall rules can be used to control traffic between the resources.